Debian DSA-1183-1 : kernel-source-2.4.27 - several vulnerabilities

high Nessus Plugin ID 22725

Synopsis

The remote Debian host is missing a security-related update.

Description

Several security-related problems have been discovered in the Linux kernel which may lead to a denial of service or even the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2005-4798: A buffer overflow in NFS readlink handling allows a malicious remote server to cause a denial of service.

- CVE-2006-2935: Diego Calleja Garcia discovered a buffer overflow in the DVD handling code that could be exploited by a specially crafted DVD USB storage device to execute arbitrary code.

- CVE-2006-1528: A bug in the SCSI driver allows a local user to cause a denial of service.

- CVE-2006-2444: Patrick McHardy discovered a bug in the SNMP NAT helper that allows remote attackers to cause a denial of service.

- CVE-2006-2446: A race condition in the socket buffer handling allows remote attackers to cause a denial of service.

- CVE-2006-3745: Wei Wang discovered a bug in the SCTP implementation that allows local users to cause a denial of service and possibly gain root privileges.

- CVE-2006-4535: David Miller reported a problem with the fix for CVE-2006-3745 that allows local users to crash the system via an SCTP socket with a certain SO_LINGER value.

The following matrix lists, for each architecture, the kernel version that fixes the problems mentioned above:

stable (sarge)

- Source: 2.4.27-10sarge4
- Alpha architecture: 2.4.27-10sarge4
- ARM architecture: 2.4.27-2sarge4
- Intel IA-32 architecture: 2.4.27-10sarge4
- Intel IA-64 architecture: 2.4.27-10sarge4
- Motorola 680x0 architecture: 2.4.27-3sarge4
- MIPS architectures: 2.4.27-10.sarge4.040815-1
- PowerPC architecture: 2.4.27-10sarge4
- IBM S/390: 2.4.27-2sarge4
- Sun Sparc architecture: 2.4.27-9sarge4
- FAI: 1.9.1sarge4
- mindi-kernel: 2.4.27-2sarge3
- kernel-image-speakup-i386: 2.4.27-1.1sarge3
- systemimager: 3.2.3-6sarge3

Solution

Upgrade the kernel package and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

See Also

https://security-tracker.debian.org/tracker/CVE-2005-4798

https://security-tracker.debian.org/tracker/CVE-2006-2935

https://security-tracker.debian.org/tracker/CVE-2006-1528

https://security-tracker.debian.org/tracker/CVE-2006-2444

https://security-tracker.debian.org/tracker/CVE-2006-2446

https://security-tracker.debian.org/tracker/CVE-2006-3745

https://security-tracker.debian.org/tracker/CVE-2006-4535

http://www.debian.org/security/2006/dsa-1183

Plugin Details

Severity: High

ID: 22725

File Name: debian_DSA-1183.nasl

Version: 1.21

Type: local

Agent: unix

Published: 10/14/2006

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:kernel-source-2.4.27, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/25/2006

Vulnerability Publication Date: 6/27/2004

Reference Information

CVE: CVE-2005-4798, CVE-2006-1528, CVE-2006-2444, CVE-2006-2446, CVE-2006-2935, CVE-2006-3745, CVE-2006-4535

BID: 18081, 18101, 18847, 19666, 20087

CERT: 681569

DSA: 1183

CWE: 20